Main Vulnerability Database Vulnerabilities #VU79735

Buffer overflow in tinyproxy - CVE-2001-0129

Published: August 20, 2023

Vulnerability identifier: #VU79735

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2001-0129

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: tinyproxy

Affected software:
tinyproxy

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing CONNECT requests. A remote attacker can send an overly long CONNECT request to the server, trigger memory corruption and execute arbitrary code on the target system.

How to mitigate CVE-2001-0129

Install updates from vendor's website.

Sources

http://marc.info/?l=bugtraq&m=97975486527750&w=2
http://www.debian.org/security/2001/dsa-018
http://www.securityfocus.com/bid/2217
https://exchange.xforce.ibmcloud.com/vulnerabilities/5954

Buffer overflow in tinyproxy - CVE-2001-0129

Detailed vulnerability description

How to mitigate CVE-2001-0129

Sources

Please verify you're human